Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dedecms vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2020-36496
DedeCMS v7.5 SP2 exists to contain multiple cross-site scripting (XSS) vulnerabilities in the component sys_admin_user_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters.
Dedecms Dedecms 7.5
6.1
CVSSv3
CVE-2020-36497
DedeCMS v7.5 SP2 exists to contain multiple cross-site scripting (XSS) vulnerabilities in the component makehtml_homepage.php via the `filename`, `mid`, `userid`, and `templet' parameters.
Dedecms Dedecms 7.5
NA
CVE-2009-3806
SQL injection vulnerability in feedback_js.php in DedeCMS 5.1 allows remote malicious users to execute arbitrary SQL commands via the arcurl parameter.
Dedecms Dedecms 5.1
1 EDB exploit
5.4
CVSSv3
CVE-2022-48140
DedeCMS v5.7.97 exists to contain a cross-site scripting (XSS) vulnerability in the component /file_manage_view.php?fmdo=edit&filename.
Dedecms Dedecms 5.7.97
5.4
CVSSv3
CVE-2023-31757
DedeCMS up to v5.7.108 is vulnerable to XSS in sys_info.php via parameters 'edit___cfg_powerby' and 'edit___cfg_beian'
Dedecms Dedecms 5.7.108
6.5
CVSSv3
CVE-2019-10014
In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticated users to reset the passwords of arbitrary users via a modified id parameter, because the key parameter is not properly validated.
Dedecms Dedecms 5.7
9.8
CVSSv3
CVE-2018-19061
DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter.
Dedecms Dedecms 5.7
7.2
CVSSv3
CVE-2022-40921
DedeCMS V5.7.99 exists to contain an arbitrary file upload vulnerability via the component /dede/file_manage_control.php.
Dedecms Dedecms 5.7.99
9.8
CVSSv3
CVE-2023-37839
An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.109 allows malicious users to execute arbitrary code via uploading a crafted PHP file.
Dedecms Dedecms 5.7.109
NA
CVE-2010-1097
include/userlogin.class.php in DeDeCMS 5.5 GBK, when session.auto_start is enabled, allows remote malicious users to bypass authentication and gain administrative access via a value of 1 for the _SESSION[dede_admin_id] parameter, as demonstrated by a request to uploads/include/di...
Dedecms Dedecms 5.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
XXE
CVE-2024-34490
SQL injection
CVE-2024-34488
CVE-2024-4507
CVE-2023-7028
CVE-2024-23187
TCP
CVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »